Securing the Database

A newer version of this documentation is available. Use the version menu above to view the most up-to-date release of the Greenplum 5.x documentation.

Securing the Database

Introduces Greenplum Database security topics.

The intent of security configuration is to configure the Greenplum Database server to
eliminate as many security vulnerabilities as possible. This guide provides a baseline for
minimum security requirements, and is supplemented by additional security documentation.

The essential security requirements fall into the following categories:

Authentication covers the
mechanisms that are supported and that can be used by the Greenplum database server to
establish the identity of a client application.

Authorization pertains to the
privilege and permission models used by the database to authorize client access.

Auditing, or log settings, covers the
logging options available in Greenplum Database to track successful or failed user
actions.

Data Encryption addresses the
encryption capabilities that are available for protecting data at rest and data in
transit. This includes the security certifications that are relevant to the Greenplum
Database.

Platform Hardening

Platform hardening involves assessing and minimizing system vulnerability by following best
practices and enforcing federal security standards. Hardening the product is based on the US
Department of Defense (DoD) guidelines Security Template Implementation Guides (STIG).
Hardening removes unnecessary packages, disables services that are not required, sets up
restrictive file and directory permissions, removes unowned files and directories, performs
authentication for single-user mode, and provides options for end users to configure the
package to be compliant to the latest STIGs.